Reflected XSS Vulnerability in Sunshine Photo Cart
CVE-2024-30194

7.1HIGH

Key Information:

Vendor: WordPress
Status: Sunshine Photo Cart
Vendor: CVE Published:; 27 March 2024

Summary

A vulnerability exists in the Sunshine Photo Cart by WP Sunshine, allowing for reflected cross-site scripting (XSS) attacks. This issue arises from the improper neutralization of input during web page generation, which could enable malicious actors to inject harmful scripts into web pages viewed by users. Users of affected versions of Sunshine Photo Cart, specifically those from n/a through 3.1.1, are at risk. It is crucial for users and administrators to apply necessary patches and implement security measures to mitigate potential exploitation of this vulnerability.

Affected Version(s)

Sunshine Photo Cart <= 3.1.1

References

https://patchstack.com/database/vulnerability/sunshine-ph...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 25, 2024

Credit

Dimas Maulana (Patchstack Alliance)